javax.net.ssl: abstract public class: SSLServerSocket

javax.net.ssl
abstract public class: SSLServerSocket [javadoc | source]

java.lang.Object
   java.net.ServerSocket
      javax.net.ssl.SSLServerSocket

All Implemented Interfaces:
Closeable

This class extends ServerSockets and provides secure server sockets using protocols such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.

Instances of this class are generally created using a SSLServerSocketFactory. The primary function of SSLServerSockets is to create SSLSockets by accepting connections.

SSLServerSockets contain several pieces of state data which are inherited by the SSLSocket at socket creation. These include the enabled cipher suites and protocols, whether client authentication is necessary, and whether created sockets should begin handshaking in client or server mode. The state inherited by the created SSLSocket can be overriden by calling the appropriate methods.

Also see:

java.net.ServerSocket

SSLSocket

since: 1.4 -

author: David - Brownell

Constructor:

Constructor:
protected SSLServerSocket() throws IOException { super(); } Used only by subclasses. Create an unbound TCP server socket using the default authentication context. Throws: `IOException` - if an I/O error occurs when creating the socket
protected SSLServerSocket(int port) throws IOException { super(port); } Used only by subclasses. Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests. A port number of `0` creates a socket on any free port. If there is a security manager, its `checkListen` method is called with the `port` argument as its argument to ensure the operation is allowed. This could result in a SecurityException. Parameters: `port` - the port on which to listen Throws: `IOException` - if an I/O error occurs when creating the socket `SecurityException` - if a security manager exists and its `checkListen` method doesn't allow the operation. `IllegalArgumentException` - if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive. Also see: SecurityManager#checkListen
protected SSLServerSocket(int port, int backlog) throws IOException { super(port, backlog); } Used only by subclasses. Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections. A port number of `0` creates a socket on any free port. The `backlog` argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than `0`. If it is less than or equal to `0`, then an implementation specific default will be used. If there is a security manager, its `checkListen` method is called with the `port` argument as its argument to ensure the operation is allowed. This could result in a SecurityException. Parameters: `port` - the port on which to listen `backlog` - requested maximum length of the queue of incoming connections. Throws: `IOException` - if an I/O error occurs when creating the socket `SecurityException` - if a security manager exists and its `checkListen` method doesn't allow the operation. `IllegalArgumentException` - if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive. Also see: SecurityManager#checkListen
protected SSLServerSocket(int port, int backlog, InetAddress address) throws IOException { super(port, backlog, address); } Used only by subclasses. Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided. If there is a security manager, its `checkListen` method is called with the `port` argument as its argument to ensure the operation is allowed. This could result in a SecurityException. A port number of `0` creates a socket on any free port. The `backlog` argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than `0`. If it is less than or equal to `0`, then an implementation specific default will be used. If address is null, it will default accepting connections on any/all local addresses. Parameters: `port` - the port on which to listen `backlog` - requested maximum length of the queue of incoming connections. `address` - the address of the network interface through which connections will be accepted Throws: `IOException` - if an I/O error occurs when creating the socket `SecurityException` - if a security manager exists and its `checkListen` method doesn't allow the operation. `IllegalArgumentException` - if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive. Also see: SecurityManager#checkListen

 protected SSLServerSocket() throws IOException {
 super();
}

Create an unbound TCP server socket using the default authentication context.

Throws:

IOException - if an I/O error occurs when creating the socket

 protected SSLServerSocket(int port) throws IOException {
 super(port);
}

Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests.

A port number of 0 creates a socket on any free port.

If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

Parameters:

port - the port on which to listen

Throws:

IOException - if an I/O error occurs when creating the socket

SecurityException - if a security manager exists and its checkListen method doesn't allow the operation.

IllegalArgumentException - if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.

Also see:

SecurityManager#checkListen

 protected SSLServerSocket(int port,
    int backlog) throws IOException {
 super(port, backlog);
}

Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections.

A port number of 0 creates a socket on any free port.

The backlog argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than 0. If it is less than or equal to 0, then an implementation specific default will be used.

If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

Parameters:

port - the port on which to listen

backlog - requested maximum length of the queue of incoming connections.

Throws:

IOException - if an I/O error occurs when creating the socket

SecurityException - if a security manager exists and its checkListen method doesn't allow the operation.

IllegalArgumentException - if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.

Also see:

SecurityManager#checkListen

 protected SSLServerSocket(int port,
    int backlog,
    InetAddress address) throws IOException {
 super(port, backlog, address);
}

Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided.

If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

A port number of 0 creates a socket on any free port.

If address is null, it will default accepting connections on any/all local addresses.

Parameters:

port - the port on which to listen

backlog - requested maximum length of the queue of incoming connections.

address - the address of the network interface through which connections will be accepted

Throws:

IOException - if an I/O error occurs when creating the socket

SecurityException - if a security manager exists and its checkListen method doesn't allow the operation.

IllegalArgumentException - if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.

Also see:

SecurityManager#checkListen

Method from javax.net.ssl.SSLServerSocket Summary:
getEnableSessionCreation, getEnabledCipherSuites, getEnabledProtocols, getNeedClientAuth, getSSLParameters, getSupportedCipherSuites, getSupportedProtocols, getUseClientMode, getWantClientAuth, setEnableSessionCreation, setEnabledCipherSuites, setEnabledProtocols, setNeedClientAuth, setSSLParameters, setUseClientMode, setWantClientAuth

Methods from java.net.ServerSocket:
accept, bind, bind, close, createImpl, getChannel, getImpl, getInetAddress, getLocalPort, getLocalSocketAddress, getReceiveBufferSize, getReuseAddress, getSoTimeout, implAccept, isBound, isClosed, setBound, setCreated, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSoTimeout, setSocketFactory, toString

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from javax.net.ssl.SSLServerSocket Detail:
abstract public boolean getEnableSessionCreation() Returns true if new SSL sessions may be established by the sockets which are created from this server socket.
abstract public String[] getEnabledCipherSuites() Returns the list of cipher suites which are currently enabled for use by newly accepted connections. If this list has not been explicitly modified, a system-provided default guarantees a minimum quality of service in all enabled cipher suites. There are several reasons why an enabled cipher suite might not actually be used. For example: the server socket might not have appropriate private keys available to it or the cipher suite might be anonymous, precluding the use of client authentication, while the server socket has been told to require that sort of authentication.
abstract public String[] getEnabledProtocols() Returns the names of the protocols which are currently enabled for use by the newly accepted connections.
abstract public boolean getNeedClientAuth() Returns true if client authentication will be required on newly `accept`ed server-mode `SSLSocket`s. The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean) .
public SSLParameters getSSLParameters() { SSLParameters parameters = new SSLParameters(); parameters.setCipherSuites(getEnabledCipherSuites()); parameters.setProtocols(getEnabledProtocols()); if (getNeedClientAuth()) { parameters.setNeedClientAuth(true); } else if (getWantClientAuth()) { parameters.setWantClientAuth(true); } return parameters; } Returns the SSLParameters in effect for newly accepted connections. The ciphersuites and protocols of the returned SSLParameters are always non-null.
abstract public String[] getSupportedCipherSuites() Returns the names of the cipher suites which could be enabled for use on an SSL connection. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.
abstract public String[] getSupportedProtocols() Returns the names of the protocols which could be enabled for use.
abstract public boolean getUseClientMode() Returns true if accepted connections will be in SSL client mode.
abstract public boolean getWantClientAuth() Returns true if client authentication will be requested on newly accepted server-mode connections. The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean) .
abstract public void setEnableSessionCreation(boolean flag) Controls whether new SSL sessions may be established by the sockets which are created from this server socket. `SSLSocket`s returned from `accept()` inherit this setting.
abstract public void setEnabledCipherSuites(String[] suites) Sets the cipher suites enabled for use by accepted connections. The cipher suites must have been listed by getSupportedCipherSuites() as being supported. Following a successful call to this method, only suites listed in the `suites` parameter are enabled for use. Suites that require authentication information which is not available in this ServerSocket's authentication context will not be used in any case, even if they are enabled. `SSLSocket`s returned from `accept()` inherit this setting.
abstract public void setEnabledProtocols(String[] protocols) Controls which particular protocols are enabled for use by accepted connections. The protocols must have been listed by getSupportedProtocols() as being supported. Following a successful call to this method, only protocols listed in the `protocols` parameter are enabled for use. `SSLSocket`s returned from `accept()` inherit this setting.
abstract public void setNeedClientAuth(boolean need) Controls whether `accept`ed server-mode `SSLSockets` will be initially configured to require client authentication. A socket's client authentication setting is one of the following: client authentication required client authentication requested no client authentication desired Unlike #setWantClientAuth(boolean) , if the accepted socket's option is set and the client chooses not to provide authentication information about itself, the negotiations will stop and the connection will be dropped. Calling this method overrides any previous setting made by this method or #setWantClientAuth(boolean) . The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean) .
public void setSSLParameters(SSLParameters params) { String[] s; s = params.getCipherSuites(); if (s != null) { setEnabledCipherSuites(s); } s = params.getProtocols(); if (s != null) { setEnabledProtocols(s); } if (params.getNeedClientAuth()) { setNeedClientAuth(true); } else if (params.getWantClientAuth()) { setWantClientAuth(true); } else { setWantClientAuth(false); } } Applies SSLParameters to newly accepted connections. This means: if `params.getCipherSuites()` is non-null, `setEnabledCipherSuites()` is called with that value if `params.getProtocols()` is non-null, `setEnabledProtocols()` is called with that value if `params.getNeedClientAuth()` or `params.getWantClientAuth()` return `true`, `setNeedClientAuth(true)` and `setWantClientAuth(true)` are called, respectively; otherwise `setWantClientAuth(false)` is called.
abstract public void setUseClientMode(boolean mode) Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode. Servers normally authenticate themselves, and clients are not required to do so. In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in "client" mode to accept the reverse connection while the FTP server uses an SSLSocket with "client" mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused. `SSLSocket`s returned from `accept()` inherit this setting.
abstract public void setWantClientAuth(boolean want) Controls whether `accept`ed server-mode `SSLSockets` will be initially configured to request client authentication. A socket's client authentication setting is one of the following: client authentication required client authentication requested no client authentication desired Unlike #setNeedClientAuth(boolean) , if the accepted socket's option is set and the client chooses not to provide authentication information about itself, the negotiations will continue. Calling this method overrides any previous setting made by this method or #setNeedClientAuth(boolean) . The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean) .